1. Field of the Invention
The present invention relates to a key management system, and a multicast delivery system using the same.
2. Description of the Related Art
Generally, multicast packets are received by an unspecified multitude of receivers. In order to permit only a specific client to listen or view, the data delivered in the packets must be enciphered using a cipher key, and the decipher key must be delivered only to the specific client.
Conventionally, in a multicast delivery system in which delivery data is enciphered, the encipherment is carried out by using a different key for every predetermined time to prevent tapping. For this purpose, as disclosed in Japanese Laid Open Patent Application (JP-P2001-285273A: a first conventional example), the cipher key and the decipher key are changed. In this way, by changing the key periodically, it is possible to manage the clients and to improve the secrecy of the cipher.
Such a conventional multicast delivery system contains a content server, clients and a key management server. The content server transmits packets with key request data at every predetermined time, and the client receives them and requests a key from the key management server. In this way, the key is updated at every predetermined time, and it is possible to prevent the enciphered data from being leaked even when the key passes to a third party. However, there are the following problems in the key management system of the above-mentioned conventional multicast delivery system.
First, a time lag is present in the reception of the key request data. When receiving the key request data, the client requests the key from the key management server and starts a deciphering operation after receiving the key as a response to the request. Therefore, the client cannot start the deciphering operation of the enciphered data until the response returns from the key management server.
Second, the user cannot listen to and view the broadcast data immediately when joining the multicast broadcast partway through. Because the packet with the key request data is transmitted at every predetermined time interval, the client cannot acquire a decipher key until the following key request data is sent, and cannot carry out the deciphering operation, even if the client has joined the multicast broadcast.
Third, when multicast-delivered key request data disappears on the route, the period during which the key cannot be acquired may become long. Because response confirmation is not carried out in multicast delivery, it cannot be confirmed that the packet disappeared on the route. Therefore, when the packet with the key request data disappears, it is not possible to acquire a new key until the following key request data is sent. In this way, until the new key can be acquired, the deciphering operation of the enciphered data is not carried out.
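The three problems above can be put on a single timeline. The following Python model is an added example, not part of the cited applications; the names Scheme, blackout_windows and total_blackout, the 60-second key interval, the 0.5-second key server round trip and the lost epoch are assumptions chosen for illustration.

```python
"""Timeline model of the conventional periodic key-request scheme.

Constructed example: every name and number here is an assumption for
illustration, not a value taken from the cited applications.
"""
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Scheme:
    rekey_interval: float  # seconds between key changes (one key request data packet each)
    key_server_rtt: float  # seconds from key request to key response


def blackout_windows(scheme, join_time, end_time, lost_epochs=frozenset()):
    """Return (start, stop, reason) intervals in which the client receives
    enciphered packets but holds no matching decipher key.

    Assumed model: key epoch e covers [e*T, (e+1)*T); the content server
    multicasts the key request data for epoch e once, at e*T; multicast
    transit time is ignored.
    """
    T, rtt = scheme.rekey_interval, scheme.key_server_rtt
    windows = []
    for epoch in range(int(join_time // T), math.ceil(end_time / T)):
        start = max(epoch * T, join_time)
        stop = min((epoch + 1) * T, end_time)
        if start >= stop:
            continue
        notice_time = epoch * T
        if notice_time < join_time:
            # Second problem: the client joined after this epoch's key
            # request data was sent, so it waits for the next one.
            windows.append((start, stop, "late join"))
        elif epoch in lost_epochs:
            # Third problem: the key request data was lost on the route and
            # multicast has no acknowledgement, so the whole epoch is dark.
            windows.append((start, stop, "lost key request data"))
        else:
            # First problem: deciphering starts only once the key
            # management server has answered the key request.
            ready = min(notice_time + rtt, stop)
            if ready > start:
                windows.append((start, ready, "key server round trip"))
    return windows


def total_blackout(windows):
    """Sum of all undecipherable intervals, in seconds."""
    return sum(stop - start for start, stop, _ in windows)


if __name__ == "__main__":
    scheme = Scheme(rekey_interval=60.0, key_server_rtt=0.5)
    windows = blackout_windows(scheme, join_time=45.0, end_time=240.0,
                               lost_epochs={2})
    for start, stop, reason in windows:
        print(f"{start:7.1f} .. {stop:7.1f} s  {reason}")
    print(f"undecipherable: {total_blackout(windows):.1f} s "
          f"of {240.0 - 45.0:.1f} s received")
```

In this model a single lost key request data packet costs a full key interval, while the round trip to the key management server costs only its own duration at each key change.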
As protocols for the communication of enciphered data in unicast communication, IPsec and so on are known. These cannot be applied to multicast delivery just as they are. Because unicast communication is carried out in a one-to-one manner, it is enough to share the key between the two ends. However, because multicast communication is carried out in a one-to-many manner, it is not possible to share the key by the same method as in unicast communication. For this reason, for the enciphering and deciphering operations in multicast communication, a new system different from that of conventional unicast communication is necessary.
Generally, when a plurality of multicast deliveries are carried out, each delivery is identified based on a combination of a transmission source address, a multicast address and a transmission and reception port number. Therefore, in a conventional technique, when a plurality of content servers deliver multicast packets containing data enciphered by using different keys, it is necessary that each multicast packet can be identified on the client side based on the combination of the transmission source address, the multicast address and the transmission and reception port number, in order to acquire the decipher key corresponding to each multicast packet. Also, when the keys (the cipher key and the decipher key) are changed in the multicast delivery of the enciphered data, it is necessary to establish synchronization of the cipher key and the decipher key between the content server and the client by some method.
A system for establishing synchronization using a key management server that carries out the following process is disclosed in Japanese Laid Open Patent Application (JP-P2002-111649A: a second conventional example). That is, the key management server receives a new key when the content server starts transmission or the key is changed, and notifies the client of the key change. In this way, a key for the delivery data is delivered to the client. However, in the key management system of the multicast delivery system of the second conventional example, when the key is changed, the key management server needs to deliver the new key to the client. In order to realize such key management, the key management server must grasp in advance the clients that are currently receiving the multicast packets. As a result, the management of the key becomes complex.
In stream media data broadcasting, such as delivery broadcasting, satellite broadcasting, and cable television of stream media data using the Internet and so on, scramble broadcasting is required to protect contents for business reasons. As conventional scrambling methods for stream media data, the encryption algorithms DES, AES and RSA are mainly used. While these algorithms are powerful, a large amount of processing is necessary to carry out the enciphering/deciphering process in software. Especially when enciphering/deciphering processes in real time are necessary, as with broadcasting data, dedicated hardware is necessary. Such hardware is expensive, and the cost prevents scrambling apparatus for broadcasting services from spreading widely to homes.
A third conventional example of a scramble broadcasting method of stream media data is disclosed in Japanese Laid Open Patent Application (JP-A-Heisei 8-288939). In this third conventional example, a broadcasting cell is enciphered by a cipher key generated by a cipher key generating section of a line termination unit, and the broadcasting cell is descrambled using a cipher key previously given to a subscriber terminal. Because a special encryption algorithm is used in the conventional scramble broadcasting method of the stream media data, dedicated hardware is needed to descramble the scrambled stream media data. This problem is the same as in the third conventional example.
In conjunction with the above description, a charged broadcasting method is disclosed in Japanese Laid Open Patent Applications 61-108272 and 62-000189. In these conventional examples, a program classification data generating section generates program classification data corresponding to a charged radio program in a broadcasting station. A contract program classification data generating section shows that a subscriber contracts the charged program broadcasting. A key data generating section generates key data to scramble a charged program broadcasting signal. A transmitting section transmits the key data, the program classification data, and the contract program classification data. At a receiving end, an extracting section extracts the key data, the program classification data, and the contract program classification data. A key data extracting section extracts the key data. A comparing section compares the program classification data and the contract program classification data. A display section shows that the contract of the charged program is not accomplished when the program classification data and the contract program classification data do not correspond.
Also, a charged broadcasting method is disclosed in Japanese Laid Open Patent Application (JP-A-Showa 61-108277). In this conventional example, a random number generating section generates a random number using a predetermined non-opened key data. A memory stores the non-opened key data for every subscriber. A contract determining section determines the existence or non-existence of the subscriber contract based on the non-opened key data. A scramble section scrambles broadcasting data using the random number. On the side of the subscriber, an extracting section extracts the non-opened key data, determines whether or not the extracted key data is coincident with the key data peculiar to the subscriber, and a key deciphering section generates a descramble control signal. A subscriber identifying section determines the matching of a subscriber identifying code specified by the subscriber and the non-opened data peculiar to a subscriber equipment, and the random number generating section generates a random number based on the determination result of the matching. A descramble section descrambles the broadcasting data using the random number.
Also, a satellite broadcasting receiving apparatus is disclosed in Japanese Laid Open Patent Application (JP-A-Heisei 2-112343). In this conventional example, a broadcasting signal is generated by calculating an exclusive OR of a source signal and a pseudo-random data series and by carrying out frequency spreading scrambling on the calculation result. The broadcasting signal is added with a period signal and a control signal and is transmitted periodically. The satellite broadcasting receiving apparatus receives the broadcasting signal transmitted from the satellite, and carries out frequency spreading descrambling on the received signal to replay it. The satellite broadcasting receiving apparatus has a prohibiting section which, after detecting a sync signal, prohibits the detection of the sync signal during a predetermined period containing at least a control signal.
Also, a charged broadcasting receiver is disclosed in Japanese Laid Open Patent Application (JP-A-Heisei 4-165785). In this conventional example, data is enciphered through an exclusive OR operation with pseudo-random numbers which are generated based on a predetermined initial value. Also, an identifier number, individual contract data showing an address of a receiver, and data containing an initial value are enciphered, and are superimposed on scrambled sound data to generate broadcasting data. The receiver descrambles the broadcasting data to replay it. The receiver is composed of a memory which stores the identifier number and the individual contract data. A plurality of extracting sections compare the identifier number of the received broadcasting data and a stored identifier number and take out only the data of a contracted program. A deciphering section deciphers the extracted data. A generating section generates pseudo-random numbers based on the initial value contained in the enciphered broadcasting data. The sound data is replayed based on the plurality of received data and the pseudo-random numbers.
Also, a coder in charged broadcasting is disclosed in Japanese Laid Open Patent Application (JP-A-Heisei 4-291589). In this conventional example, a descrambling unit inputs a scrambled digital multiple sampling coded signal, a 25-frame deinterleave, and a sound data bit stream after BCH (82,74) error correction, and outputs a descrambled digital multiple sampling coding signal after a descrambling process of a video signal portion of the scrambled digital multiple sampling coding signal, and a pseudo-random signal for the descrambling process of the sound data bit stream. An exclusive OR calculating unit carries out addition of the pseudo-random signal and the scrambled sound data bit stream outputted from the descrambling unit and outputs a sound data bit stream. A bit deleting unit inputs the descrambled sound data bit stream and deletes multiplexed scramble relating bits. A sound multiple re-encoding unit has a bit interleaving unit, a BCH (82,74) error correction adding unit, a 25-frame interleaving unit, a time-axis compressing unit, a binary/ternary inverter, and a resampling waveform shaping filter unit of 12.15 MHz/16.2 MHz. The sound data bit stream from which the scramble relating bits have been deleted is again multiplexed into a multiple sampling re-encoded audio signal. A delay section delays the multiple sampling re-encoded audio signal outputted from the sound multiple re-encoding unit. A signal switching unit multiplexes the delayed audio signal into a sound independence data area outputted from the descrambling unit. A control system controls the timing of the signal switching unit.
Also, a scrambling method is disclosed in Japanese Laid Open Patent Application (JP-A-Heisei 5-327695). In the scrambling method of this conventional example, an initial value is set to a first register R1 having a plurality of cells. The contents of the first register R1 are transferred to a second register R2 having the same number of cells as the first register, while holding the contents of the first register R1. Moreover, a third register R3 having a plurality of cells is cleared. The least significant bit of the second register R2 is added to the third register R3, and the contents of the second register R2 are shifted in the direction of the lower bit by a predetermined bit number (f(k+1)−fk). The final output is added to the third register R3. This calculation is repeated from k=1 to i (a preset number). The least significant bit of the first register R1 is stored in a memory in order, and then the contents of the first register R1 are shifted in the lower bit direction by one bit. Moreover, the least significant bit of the third register R3 is transferred to the most significant bit of the first register R1. The above step is repeated a predetermined number of times, and then the exclusive OR of one bit of a signal to be transmitted and the one of the bits stored in the memory corresponding to that bit is calculated and outputted.
Also, a key management system is disclosed in Japanese Laid Open Patent Application (JP-A-Heisei 11-27252) and Japanese Laid Open Patent Application (JP-P2002-190797A). The key management system of this conventional example is composed of a data encrypting apparatus which enciphers data using a cipher key, a data decrypting apparatus which deciphers the enciphered data using a decipher key, and a key management apparatus which manages the cipher key and the decipher key to be used in the data encrypting apparatus and the data decrypting apparatus. The data encrypting apparatus and the key management apparatus are connected by a communication network. The key management apparatus is composed of a key storage section which stores at least one set of the cipher keys and the decipher keys, and a management table storage section which stores a management table showing a correspondence relation between the decipher key stored in the storage section and a publication day and time of the decipher key. Also, the key management apparatus is further composed of a key search section which refers to the management table stored in the management table storage section to search for the cipher key paired with the decipher key corresponding to the date and time required by the data encrypting apparatus. A cipher key transmitting section transmits the searched cipher key to the data encrypting apparatus through the communication network. A decipher key publishing section publishes or opens the decipher key corresponding to a current day and time in accordance with the management table stored in the management table storage section.
The data encrypting apparatus is composed of a date and time data transmitting section which transmits data about the date and time when the secrecy of the data is released to the key management apparatus through the communication network, and a cipher key receiving section which receives the cipher key corresponding to the date and time data and sent from the key management apparatus through the communication network. Also, the data encrypting apparatus is composed of an enciphering section which enciphers the data by using the cipher key received by the cipher key receiving section, and an enciphered data generating section which adds date and time data to the data enciphered by the enciphering section and generates enciphered information to be distributed to the data decrypting apparatus. The data decrypting apparatus is composed of an enciphered data acquiring section which acquires the enciphered data generated by the data encrypting apparatus, and a decipher key acquiring section which acquires the decipher key published or opened by the key management apparatus on a date and time specified by the date and time data given to the enciphered information which is acquired by the enciphered data acquiring section. Also, the data decrypting apparatus is further composed of a decipher section which deciphers the enciphered information acquired by the enciphered data acquiring section by using the decipher key acquired by the decipher key acquiring section.
Also, a network system is disclosed in Japanese Laid Open Patent Application (JP-P2000-224155A). The network system of this conventional example is composed of a key server and a plurality of clients. The key server transmits a new common key to each of the clients after the change, every time the clients are changed. Each of the clients enciphers data by using the delivered common key, adds relation data showing a relation between the key server and each client to the enciphered data, and carries out transmission and reception. In each of the above clients, a calculation section calculates a guaranteed delay time until the above common key is transmitted to each of the above clients from the key server, after inquiring of the key server. A delay section applies a delay process of the time equivalent to the delay time calculated by the above calculation section to the enciphered data. When a new key is distributed from the above key server during the delay process of the above delay section, a transmitting section re-enciphers the data with the new key to supply the enciphered data to the above delay section. When the new key is not distributed from the above key server during the delay process of the above delay section, the transmitting section transmits the enciphered data outputted from the above delay section to another client and the above key server.
Also, a multicast communication method is disclosed in Japanese Laid Open Patent Application (JP-P2002-124940A). In the multicast communication method of this conventional example, a transmitting section sends out secret data about the cipher to the key management server and communicates data about the cipher to routers. First, key request data is enciphered and is sent out. Each of the routers adds a value peculiar to it and transmits the result to a plurality of receiving sections. The receiving section hands over the key request data to a key management server and receives a decipher key that differs for every route. The delivered data is subjected to a power calculation in a transmitting section by using a specific value and on the route by using the peculiar value. Then, the remainder of the value is calculated, and is sent in order as a cipher. Thus, encipherment that differs for every route is carried out. A receiving section deciphers the data enciphered by each router by using the acquired decipher key once, and a plaintext is obtained.
Also, a multicast communication system is disclosed in Japanese Laid Open Patent Application (JP-P2002-217973A). In the multicast communication system of this conventional example, when a client apparatus requests the reception of multicast data, the client apparatus transmits a reception request for the multicast data to a reception management server apparatus. In the case of stopping the reception of the multicast data, the client apparatus transmits a reception stop notice to the reception management server apparatus. The reception management server apparatus manages the reception situation of every client based on the data transmitted from these client apparatuses. At this time, the reception management server apparatus determines whether or not the reception of the multicast data is permitted to the client apparatus which transmitted the reception request. In the case of permission, the reception management server apparatus notifies the routing control server apparatus of the fact. The routing control server apparatus controls the routing apparatus to transmit the multicast data to the client apparatus in response to the reception of this notice.
Also, an encrypting apparatus is disclosed in Japanese Laid Open Patent Application (JP-P2002-23622A). The encrypting apparatus of this conventional example is a common key cryptography type of encrypting apparatus which uses a plurality of extended keys in opposite orders in a data stirring process for encipherment and a data stirring process for decipherment. In a round process section, in the initial stage of a round function of a plurality of stages, a common key is inputted, and a predetermined round function is applied to generate an intermediate state. In the second stage and the subsequent stages, the intermediate state generated in the previous stage is inputted, and the predetermined round function is applied and a new intermediate state is generated. Each of the intermediate states generated in a part or whole of stages of the round processes is subjected to a predetermined conversion process without any change and then outputted as the extended key.
Also, a data delivery method is disclosed in Japanese Laid Open Patent Application (JP-P2002-252607A). In the data delivery method of this conventional example, keys used to encipher and decipher contents are generated in a key provision terminal. The generated key is delivered to a data service terminal and each of the data use terminals in unicast communication. The delivered key is acquired by the data service terminal and is stored. The delivered key is acquired by the data use terminals and is stored. The contents are enciphered by using the key stored in the data service terminal, and the enciphered contents are delivered to each of the data use terminals in multicast communication. The delivered enciphered contents are acquired by the data use terminals, are deciphered by using the key stored in the data use terminal, and are replayed.